Bug 575731

Summary: download.eclipse.org/releases/ and download.eclipse.org/technology/ do not upgrade HTTP to HTTPS
Product: Community
Reporter: Some User <some-eclipse-user-84964571335246229170>
Component: Servers
Assignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: denis.roy, Ed.Merks, mistria
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Windows 10
See Also: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575904
Whiteboard:

Description Some User CLA 2021-08-31 19:45:24 EDT
Based on https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688#c10

The page http://download.eclipse.org/releases/ (and subpages) does not upgrade the request to use HTTPS when accessed using the browser.
Comment 1 Some User CLA 2021-09-02 16:22:30 EDT
Also affects http://download.eclipse.org/technology/
(have edited the title of this report accordingly)
Comment 2 Some User CLA 2021-09-02 16:40:25 EDT
Or maybe this applies to all (?) subpages of the download.eclipse.org subdomain. For example the 404 page for http://download.eclipse.org/does-not-exist/ does not redirect to HTTPS either. But http://eclipse.org/does-not-exist/ does perform a redirect.
Comment 3 Eclipse Webmaster CLA 2021-09-03 14:28:43 EDT
I think it's time to simply redirect all d.e.o traffic from HTTP to HTTPS.  I've submitted a patch to do that which needs internal review before it goes live.

-M.
Comment 4 Denis Roy CLA 2021-09-03 14:34:54 EDT
*** Bug 571595 has been marked as a duplicate of this bug. ***
Comment 5 Some User CLA 2021-09-04 19:39:00 EDT
(In reply to Denis Roy from comment #4)
> *** Bug 571595 has been marked as a duplicate of this bug. ***

That report also mentions archive.eclipse.org; will that be redirected as well in the future?
Comment 6 Some User CLA 2021-09-06 07:04:04 EDT
It looks like subpages of www.eclipse.org and eclipse.org are affected in a similar way. Do you want me to create a separate report for this?

For example opening http://www.eclipse.org/projects/ or http://eclipse.org/org/workinggroups/ in a new private browser window does not redirect to HTTPS.
However, if you had opened eclipse.org using HTTPS in the past, then you are redirected to HTTPS due to HSTS.
Comment 7 Eclipse Webmaster CLA 2021-09-14 11:14:47 EDT
The patch has been made live so both downloads and archive should now correctly redirect requests to HTTPS.

-M.
Comment 8 Mickael Istria CLA 2021-09-16 11:59:30 EDT
(In reply to Eclipse Webmaster from comment #7)
> The patch has been made live so both downloads and archive should now
> correctly redirect requests to HTTPS.

Thanks for that!
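
Added example, not part of the bug thread or of the Eclipse Foundation's tooling: a way to check what comments 2 and 6 describe, by judging the raw response to a plain `http://` request with redirects not followed and no cached HSTS state, which is what a first-time visitor gets. The function names and the sample responses are constructed for illustration and were not captured from the real servers.

```python
"""Classify the response to a plaintext request as a first-time visitor sees it."""
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, subdomains = None, False
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def classify(url, status, headers):
    """Judge the response to a plain http:// request for `url`."""
    headers = {k.lower(): v for k, v in headers.items()}
    target = urlsplit(headers.get("location", ""))
    if status not in REDIRECT_CODES:
        return "no-upgrade"            # content (or a 404) served over plaintext
    if target.scheme != "https":
        return "redirect-not-https"    # relative or http:// target stays on HTTP
    if target.hostname != urlsplit(url).hostname:
        return "upgrade-other-host"    # HTTPS, but on a different host name
    return "upgrade"

def probe(url, timeout=10):
    """Live check: one GET, redirects not followed, no HSTS cache involved."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(url, resp.status, dict(resp.getheaders()))
    finally:
        conn.close()

# Constructed responses modelled on the behaviour reported in the thread.
SAMPLES = [
    ("http://download.eclipse.org/releases/", 200, {"Content-Type": "text/html"}),
    ("http://download.eclipse.org/does-not-exist/", 404, {}),
    ("http://eclipse.org/does-not-exist/", 301,
     {"Location": "https://eclipse.org/does-not-exist/"}),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, "->", classify(url, status, headers))
```

`parse_hsts` is meant for the header on the HTTPS response; browsers ignore a `Strict-Transport-Security` header received over plain HTTP, so it does not substitute for the server-side redirect.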